Study finds widespread privacy failings in online social networks

Jul 21, 2009

( -- Furious competition between social networking sites is compromising the protection of users' data, a Cambridge University study has concluded.

The survey covered 45 global social networks, ranging from popular sites such as MySpace and Facebook through to lesser-known foreign networks. Its authors report "serious concerns" about the extent to which these sites fail to keep users' personal information private.

It is the first detailed analysis to examine the security provisions of a large number of social networks. The report, by researchers in the University's Computer Laboratory, is being made freely available online.

While the problems it identifies - such as misleading privacy policies and inaccessible privacy guidelines - have long been suspected, the report provides new numerical data to confirm their scope.

Some 90% of sites, for example, needlessly required a full name or date of birth for permission to join. 80% failed to use standard encryption protocols to protect sensitive user data from . And 71% reserved the right to share user data with third parties in their privacy policies.

The study also argues that privacy is being compromised by rigorous competition for users. Researchers argue that open discussion of privacy on puts off the average user, which discourages the owners from producing explicit or accessible privacy guidelines.

"Sites want users to be relaxed and having fun, but when privacy is mentioned users feel less comfortable sharing data," Co-researcher Joseph Bonneau said. "Even sites with good privacy feel that they can't promote it, so users have no idea of what they're getting."

The researchers only covered sites which are available in English, signing up to each using a Yahoo! Email account and the pseudonym "Upton Sinclair".

In each case, Bonneau and his fellow researcher, Sören Preibusch, recorded the amount of personal information that they had to hand over in order to sign up to the site and how much they were told about its privacy policy and settings in the process. They also analysed how much they could see about the site's existing members before they joined.

Once they were signed up, the researchers tested each site's privacy controls against 260 criteria, examining features such as log-in arrangements and the site's privacy policy and configuration controls.

They found what the report calls "pervasive problems", including poor web security practices, confusing user-interfaces and misleading privacy policies.

All but three of the general purpose sites they examined left new profiles completely visible to at least all the other members of the site by default. As previous studies have suggested that between 80% and 99% of users never alter their privacy settings, this means that in most cases their profiles will remain visible.

The researchers also produced privacy scores for each of the networks assessed. Bebo and LinkedIn were ranked the highest for their privacy settings, while the British site Badoo earned the wooden spoon. Facebook and , frequently the targets of privacy critics, finished slightly above average. In general, the researchers found that the larger, more popular and older sites maintained better privacy practices and adopted higher privacy standards.

"The popular sites are just the tip of the iceberg," Preibusch said. "Niche sites implement significantly less favourable privacy practices and offer fewer controls to their users to configure the sharing of personal information."

Overall, the report also found that sites which promoted their privacy controls as a selling point tended to be those with fewer users joining the site. It suggests that this may be because the vast majority of people, while they may claim to be concerned about privacy, tend to forget about or ignore the possibility that this may be jeopardised when offered an attractive service.

Since the sites depend on acquiring as many users as possible, the researchers argue that most social networks opt to set up long and complicated privacy measures which, in most cases, it is difficult to access or even find. At the same time, they show off how many users they have and how easy it is to make friends, or share photos, videos and music - all features which it would be harder to sell with stricter privacy controls.

The privacy policies remain in place, the researchers suggest, to placate a vocal minority of "privacy fundamentalists", who might otherwise expose the lack of policy to the wider majority, prompting a discussion which, through its very existence alone, might dissuade prospective new members from joining.

The report calls for an "opt-out" approach to privacy, in which users' details are kept private until otherwise stated. It also calls for stronger across-the-board regulation, and suggests that sites could offer "premium" membership schemes which allow users to handle their privacy settings in greater detail if they so wish, a scheme known as "privacy negotiations".

The full report along with the original dataset can be downloaded at:

Provided by University of Cambridge (news : web)

Explore further: Twitter rules out Turkey office amid tax row

add to favorites email to friend print save as pdf

Related Stories

Facebook plans to simplify privacy settings

Jul 01, 2009

(AP) -- Facebook is overhauling its privacy controls over the next several weeks in an attempt to simplify its users' ability to control who sees the information they share on the site.

Watchdog: Facebook violates Canadian privacy law

Jul 16, 2009

(AP) -- Canada's privacy commissioner says the online social networking site Facebook breaches Canadian law by keeping users personal information indefinitely after members close their accounts.

Report: Widespread data sharing, 'Web bugs'

Jun 02, 2009

( -- Researchers at the University of California, Berkeley's School of Information released a report late Monday (June 1) showing that the most popular Web sites in the United States all share ...

Internet users give up privacy in exchange for trust

Nov 22, 2007

With public concern over online fraud, new research, funded by the Economic and Social Research Council, has revealed that internet users will reveal more personal information online if they believe they can trust the organisation ...

Recommended for you

Twitter rules out Turkey office amid tax row

8 hours ago

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

10 hours ago

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Jul 22, 2009
". . .the vast majority of people, while they may claim to be concerned about privacy, tend to forget about or ignore the possibility that this may be jeopardised when offered an attractive social networking service."

privacy, particularly online, has been a hot topic for YEARS. if people refuse to listen, remember & act as needed to protect their privacy - then they are fools.

More news stories

IBM posts lower 1Q earnings amid hardware slump

IBM's first-quarter earnings fell and revenue came in below Wall Street's expectations amid an ongoing decline in its hardware business, one that was exasperated by weaker demand in China and emerging markets.

Microsoft CEO is driving data-culture mindset

( —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

Quantenna promises 10-gigabit Wi-Fi by next year

( —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...

Down's chromosome cause genome-wide disruption

The extra copy of Chromosome 21 that causes Down's syndrome throws a spanner into the workings of all the other chromosomes as well, said a study published Wednesday that surprised its authors.

Researchers see hospitalization records as additional tool

Comparing hospitalization records with data reported to local boards of health presents a more accurate way to monitor how well communities track disease outbreaks, according to a paper published April 16 in the journal PLOS ON ...

Ebola virus in Africa outbreak is a new strain

The Ebola virus that has killed scores of people in Guinea this year is a new strain—evidence that the disease did not spread there from outbreaks in some other African nations, scientists report.